Consumers will shun firms that have not taken steps to prevent potential data breaches
Two thirds of consumers would shun brokers that have failed to comply with new rules designed to minimise the risk of fraud when taking credit card details over the phone, new research shows.
Since the beginning of this year, all call centres have been obliged to comply with the Payment Card Industry Data Security Standard (PCI-DSS). This requires all handlers of debit and credit card cardholder information to take prescribed steps to reduce risks of fraud.
A survey of 2,000 consumers who had recently bought insurance through a call centre, carried out by call management technology provider Callstream, found that 63% would take their business elsewhere if they discovered the firm they were buying from did not comply with the standard.
Exactly three quarters of respondents said they would actively avoid an insurer or broker if it had been fined for not being PCI-compliant.
And even if the broker had not been fined, almost all (96%) consumers said they would be worried about a non-compliant call centre handling their data.
Nearly three quarters (71%) of respondents said they expect insurers and brokers to have been compliant by the deadline at the end of last year.
Of the remainder, the majority (17%) would only allow a maximum of three months’ grace before expecting compliance.
Failure to meet the PCI requirements can expose a merchant to liability for a fine running into the tens of thousands of pounds.
Callstream published research last year showing that 99% of all call centres were not compliant with the new standard.
Commenting on the survey’s findings, Callstream CEO Mick Crosthwaite said: “Consumers are better informed about security legislation than we may think. Even if they don’t know the exact rules, they know the risks of giving their payment card details through insecure channels, such as verbally to a call centre agent – and they are voting with their feet.
“For those brokers that are not compliant, the question is no longer ‘if’ they will lose customers, but ‘when’ and by how much this attrition will affect new business.”
“Most of the insurance industry is failing to minimise the risk of a security breach by ensuring that those credit card details have no contact with IT infrastructure or staff and to achieve PCI compliance.
“Consumers are now too aware of the risks and insurers’ requirements to tolerate such poor service.”
Callstream provides cloud-based call management technology to the UK insurance, retail and travel industries.
Callstream’s Vault call centre PCI compliance technology suppresses the tones when callers enter their credit card details via telephone keypads so they are not audible to call recording systems or call centre agents.
The details are then forwarded directly and securely to the insurer’s card payment gateway and not stored by the broker.